Differences
This shows you the differences between two versions of the page.
| networking:cisco:vty [2026/02/02 12:30] – [SSH] ilyasa | networking:cisco:vty [2026/02/02 12:44] (current) – [Konfigurasi SSH] ilyasa | ||
|---|---|---|---|
| Line 97: | Line 97: | ||
| * **Step 1 – Verifikasi IOS Mendukung SSH** | * **Step 1 – Verifikasi IOS Mendukung SSH** | ||
| | | ||
| - | Pastikan image IOS mendukung | + | Untuk mengonfigurasi |
| + | Image IOS yang mendukung SSH akan memiliki ' | ||
| + | contoh : | ||
| < | < | ||
| R1#show version | R1#show version | ||
| - | Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), | + | Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), |
| - | Version 15.9(3)M6, RELEASE SOFTWARE (fc1) | + | Technical Support: http:// |
| + | Copyright (c) 1986-2022 by Cisco Systems, Inc. | ||
| + | Compiled Mon 08-Aug-22 15:22 by mcpre | ||
| + | ... | ||
| </ | </ | ||
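Review bot: The three output lines added to the "show version" sample (Technical Support, Copyright, Compiled) carry no information about SSH support, while the new sentence says a supporting image will have a particular marker. Trim the sample to the line that holds the image name (VIOS-ADVENTERPRISEK9-M), or mark the relevant part of that string, so the reader can see exactly what the check relies on.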
| Line 110: | Line 115: | ||
| | | ||
| Domain name diperlukan untuk membentuk **FQDN (Fully Qualified Domain Name)** yang akan digunakan sebagai nama RSA key. | Domain name diperlukan untuk membentuk **FQDN (Fully Qualified Domain Name)** yang akan digunakan sebagai nama RSA key. | ||
| - | |||
| < | < | ||
| R1(config)# | R1(config)# | ||
| Line 128: | Line 132: | ||
| < | < | ||
| + | R1(config)# | ||
| The name for the keys will be: R1.labyas.my.id | The name for the keys will be: R1.labyas.my.id | ||
| + | Choose the size of the key modulus in the range of 360 to 4096 for your | ||
| + | General Purpose Keys. Choosing a key modulus greater than 512 may take | ||
| + | a few minutes. | ||
| </ | </ | ||
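Review bot: The added prompt text stops at "a few minutes." and the block closes before any modulus is entered, so the page never shows which key size is used, even though the prompt itself offers a range starting at 360 bits. State the size in the step text or put it on the command line ("crypto key generate rsa modulus 2048"), and say that 2048 bits or more is the value to choose, so readers do not accept a small key by pressing Enter.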
| Line 151: | Line 159: | ||
| < | < | ||
| + | R1(config)# | ||
| *Dec 22 10: | *Dec 22 10: | ||
| </ | </ | ||
| Line 158: | Line 167: | ||
| < | < | ||
| R1#show ip ssh | R1#show ip ssh | ||
| + | SSH Enabled - version 1.99 | ||
| + | Authentication methods: | ||
| + | Authentication Publickey Algorithms: | ||
| + | Hostkey Algorithms: | ||
| + | Encryption Algorithms: | ||
| + | MAC Algorithms: | ||
| + | KEX Algorithms: | ||
| + | Authentication timeout: 120 secs; Authentication retries: 3 | ||
| + | Minimum expected Diffie Hellman key size : 2048 bits | ||
| + | IOS Keys in SECSH format(ssh-rsa, | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHjXiLjNODKOGzDSqds1fCkioEwYxDFAt5u35Rxd2O | ||
| + | BcSJNnjIM2Z3OjZjORP3P+X/ | ||
| + | 591NNObxMWWOzkO2w75p6MJqOXTem2pT0PedVS6Qe6m6KdLvEGfSw/ | ||
| + | WVMk/ | ||
| + | Im/ | ||
| </ | </ | ||
| ---- | ---- | ||
| - | * **Step 6 – (Optional) | + | * **Step 6 – Konfigurasi |
| - | + | Sekarang hanya perlu mengaktifkan ssh pada '' | |
| - | Username digunakan untuk autentikasi login SSH, sedangkan ACL membatasi subnet yang diizinkan mengakses VTY line. | + | |
| < | < | ||
| - | R1(config)# | ||
| - | R1(config)# | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | * **Step 7 – Konfigurasi VTY Line** | ||
| - | | ||
| - | SSH diaktifkan pada VTY line. Secara default tersedia 5 line (0–4). | ||
| - | |||
| - | < | ||
| - | R1(config)# | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | * **Step 8 – Konfigurasi Keamanan VTY** | ||
| - | | ||
| - | Beberapa perintah tambahan untuk meningkatkan keamanan akses SSH: | ||
| - | * '' | ||
| - | * '' | ||
| - | * '' | ||
| - | |||
| - | < | ||
| - | R1(config-line)# | ||
| - | R1(config-line)# | ||
| - | R1(config-line)# | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | * **Step 9 – Konfigurasi Transport Input** | ||
| - | | ||
| - | Batasi VTY agar **hanya menerima koneksi SSH**. | ||
| - | |||
| - | < | ||
| - | R1(config-line)# | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | === Full Konfigurasi SSH ==== | ||
| - | |||
| - | < | ||
| - | ip domain name labyas.my.id | ||
| username ilyasa secret ccna | username ilyasa secret ccna | ||
| access-list 1 permit 192.168.122.0 0.0.0.255 | access-list 1 permit 192.168.122.0 0.0.0.255 | ||
| - | |||
| - | crypto key generate rsa | ||
| line vty 0 4 | line vty 0 4 | ||
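Review bot: The "show ip ssh" output added at the top of this hunk reports "SSH Enabled - version 1.99", which means the router still accepts SSHv1 clients alongside SSHv2. If the guide is meant to leave the device SSHv2-only, add "ip ssh version 2" to the configuration and recapture this output. Separately, folding the old steps 6 to 9 into a single step drops the per-command explanations (what the ACL restricts, what each VTY hardening command does, why transport input is limited to SSH); keep a short line for each command next to the merged block so readers do not paste the configuration without knowing which lines are the access controls.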
| Line 223: | Line 199: | ||
| | | ||
| </ | </ | ||
| - | |||
| - | ---- | ||
| === Hasil Test SSH ==== | === Hasil Test SSH ==== | ||
| + | |||
| + | <WRAP center round info 90%> | ||
| + | Opsi '' | ||
| + | </ | ||
| + | |||
| < | < | ||
| ilyasa@lept0p: | ilyasa@lept0p: | ||
| - | </ | ||
| - | < | ||
| The authenticity of host ' | The authenticity of host ' | ||
| RSA key fingerprint is SHA256: | RSA key fingerprint is SHA256: | ||
| - | Are you sure you want to continue connecting (yes/no)? yes | + | This key is not known by any other names. |
| - | </ | + | Are you sure you want to continue connecting (yes/no/ |
| + | Warning: Permanently added ' | ||
| - | < | + | ************************************************************************** |
| + | * IOSv is strictly limited to use for evaluation, demonstration and IOS * | ||
| + | * education. IOSv is provided as-is and is not supported by Cisco' | ||
| + | * Technical Advisory Center. Any use or disclosure, in whole or in part, * | ||
| + | * of the IOSv Software or Documentation to any third party for any * | ||
| + | * purposes is expressly prohibited except as otherwise authorized by * | ||
| + | * Cisco in writing. | ||
| + | ********************************* **************************************** | ||
| ([email protected]) Password: | ([email protected]) Password: | ||
| + | |||
| + | |||
| + | |||
| + | ************************************************************************** | ||
| + | * IOSv is strictly limited to use for evaluation, demonstration and IOS * | ||
| + | * education. IOSv is provided as-is and is not supported by Cisco' | ||
| + | * Technical Advisory Center. Any use or disclosure, in whole or in part, * | ||
| + | * of the IOSv Software or Documentation to any third party for any * | ||
| + | * purposes is expressly prohibited except as otherwise authorized by * | ||
| + | * Cisco in writing. | ||
| + | ************************************************************************** | ||
| R1> | R1> | ||
| </ | </ | ||
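Review bot: The merged transcript now runs from the "authenticity of host" prompt straight to "Warning: Permanently added" without telling the reader to check the displayed SHA256 fingerprint against the router's own host key before answering. Add one sentence before the block saying the fingerprint should be compared with the key shown on the router (for example from the "show ip ssh" output in step 5, read over the console) on first connect. The IOSv banner is also pasted twice, and the closing asterisk line of the first copy contains a stray space; one copy, or an elision with "...", would keep the login prompt and the "R1>" result easy to find.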